Malicious Activity

Question 1

A vulnerability that allows an attacker to run a code or module that exploits a vulnerability

Answer 1

Arbitrary Code Execution

Question 2

A type of arbitrary code execution that allows an attacker to transmit code from a remote host

Answer 2

Remote Code Execution

Question 3

Occurs when a user accesses or modifies specific resources that they are not entitled to normally access

Answer 3

Privilege Escalation

Question 4

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Answer 4

Rootkit

Question 5

Type of network-based attack that involves maliciously repeating or delaying valid data transactions

Answer 5

Replay Attack

Question 6

Attacker alters real-time data transmissions

Answer 6

Session Hijack

Question 7

Unique data pieces that prevent session replay by attackers

Answer 7

Session Tokens

Question 8

A fundamental security component that enables web applications to identity a user

Answer 8

Session Management

Question 9

Allow web applications to retain information about the users

Answer 9

Cookies

Question 10

A type of spoofing attack where the host is disconnected and replaced by the attackers

Answer 10

Session Hijacking

Question 11

An attacker attempts to predict the session token to hijack that session.

Answer 11

Session Prediction

Question 12

Modifying the contents of a cookie to be sent a client’s browser and exploit the vulnerabilities in an application

Answer 12

Cookie Poisoning

Question 13

An attack where the penetration tester put the workstation logically between two hosts during the communication

Answer 13

On-path Attack

Question 14

Occurs when an attacker captures a valid data, which is then repeated immediately or delayed and then repeated

Answer 14

Replay

Question 15

Occurs when attackers insert themselves in between two hosts and become part of the conversation

Answer 15

Relay

Question 16

Tricking the encryption application with an HTTP connection instead of an HTTPS connection

Answer 16

SSL Stripping

Question 17

Occurs when an attacker attempts to have a client or server abandon its higher security mode

Answer 17

Downgrade Attack

Question 18

A protocol for access and maintenance of distributed directory information services

Answer 18

LDAP

Question 19

An attack in which LDAP statements, typically created by user input, are fabricated.

Answer 19

LDAP Injection

Question 20

A threat actor is able to execute arbitrary shell commands via a vulnerable web application

Answer 20

Command Injection

Question 21

A method of executing arbitrary code in the address space of a separate live process

Answer 21

Process Injection

Question 22

Data pieces that detect potential malicious activity on a network or system

Answer 22

IoC

Question 23

Signals a compromise when it’s triggered by numerous failed login attempts.

Answer 23

Account Lockout

Question 24

One user having multiple active session

Answer 24

Concurrent Session Usage

Question 25

When users try to access or download content that security measures have prevented

Answer 25

Blocked Content

Question 26

When suspicious logins occur from distant locations in a timeframe that makes physical travel between them impossible

Answer 26

Impossible Travel

Question 27

Unusual resource spikes can signal a compromise

Answer 27

Resource Consumption

Question 28

Inability to access certain resources, such as files, databases, or network services.

Answer 28

Resource Inaccessibility

Question 29

Logging events happening at odd times when no one is supposed to be active.

Answer 29

Out-of-Cycle Logging

Question 30

Attackers delete logs to cover their tracks and hinder investigations

Answer 30

Missing Logs

Question 31

Attacker may publicly announce their hacks to brag about their abilities or harm the organization's reputation

Answer 31

Articles or Documents on Security Breach